Setup Co-Management Cloud DP Azure Blob Storage

0
Co-Management Cloud DP

A Cloud-based Distribution Point (CDP) is an SCCM DP that is hosted in Microsoft Azure. The application packages will be stored in Azure Blob storage. And it is a PaaS (Platform As A Service) solution from Microsoft SCCM. Security Patching of Azure PaaS solution servers is Microsoft’s responsibility. In this post, we will see how to setup co-management cloud DP.

Co-Management Related Posts

All Co Management Video Tutorial in one post here.

Overview Windows 10 Co-Management with Intune and SCCM 
Custom Report to Identify Machines Connected via SCCM CMG  
How to Setup Co-Management - Introduction - Prerequisites Part 1 
How to Setup Co-Management - Firewall Ports Proxy Requirements Part 2 
Setup Co-Management - AAD Connect UPN Suffix Part 3 
Setup Co-Management - CA PKI & Certificates Part 4 
Setup Co-Management Cloud DP Azure Blob Storage Part 5 (This Post)
Setup Co-Management Azure Cloud Services CMG Part 6
SCCM Configure Settings for Client PKI certificates Part 7
How to Setup SCCM Co-Management to Offload Workloads to Intune - Part 8
How to Deploy SCCM Client from Intune - Co-Management - Part 9
End User Experience of Windows 10 Co-Management - Part 10 

Content of this Post

Video Tutorial to Setup Co-Management Cloud DP
Co-Management Cloud DP Requirement
How to Configure Cloud DP
How to Test Cloud DP Functionality 
Sample/Default Configuration of Cloud DP Wizard
Azure Blob Storage Cloud DP

Video Tutorial to Setup Co-Management Cloud DP

Co-Management Cloud DP Requirement

Cloud DP (CDP) is not a prerequisite for SCCM Co-Management. However,  Cloud DP (CDP) is required for the scenario where you want to install SCCM client from the internet. SCCM Cloud Management Gateway (CMG) & CDP are necessary for the situation mentioned above.

Azure Subscription and access rights are required to provision Cloud DP server and storage in Azure PaaS. SCCM will automatically perform the provisioning of cloud DP for you. You can confirm the details of configurations in SCCM console wizard.

There is no option to have ARM-based CDP for SCCM 1802 or previous versions. Hence, we need to provision CDP via classic model with a self signed authentication certificate. This cert is required for completing the Cloud DP wizard from SCCM CB console. I would recommend reading the previous post Setup Co-Management CA PKI Certificates to have more details.

A service certificate (PKI) or Public Cert is required that is used by SCCM clients to connect to CDP and download content from them by using HTTPS.

A device or user must have Allow Access to cloud distribution points set to Yes in the client setting of Cloud Services before a device or user can access content from a cloud-based distribution point. By default, this value is set to No.

A client must be able to access the Internet to use the cloud-based distribution point.

A client must be able to resolve the name of the cloud service, which requires a Domain Name System (DNS) alias and a CNAME record in your DNS namespace.

TIP:- For SCCM LAB use the host file for name resolution. And following is the sample entry which I used in the host file 52.183.228.213 http://5351e58bea6d46e3b2483e2d.cloudapp.net/

I would recommend reading documentation on CDP prerequisites before proceeding further.

How to Configure Cloud DP

Once you have Azure subscription ID, Certs, and appropriate access to subscription, then you can start the Cloud DP installation wizard from SCCM console. Co-management Cloud DP installation is straightforward once you have the requirements ready.

Navigate via SCCM console \Administration\Overview\Cloud Services\Cloud Distribution Points. Click on ribbon icon “Create Cloud Distribution Point” to kick-start the CDP installation wizard. Go through the wizard as I have shown in the video tutorial.

How to Test Cloud DP Functionality

We can confirm the functionality of cloud DP without distributing any packages manually. There are two (2) default packages get automatically distributed to CDP.

Configuration Manager Client Package 224.74 MB
Configuration Manager Client Piloting Package 224.74 MB

You can check the status of these package distribution from SCCM console “\Monitoring\ Overview\Distribution Status\Content Status\Configuration Manager Client Package”.

You can also look at the log files to get more details about the Cloud DP provisioning process and communication.

DistMgr.log
CloudDP-<ServiceName>.log
and PkgXferMgr.log
CloudDP-<ServiceName>.log
***Start of trace dump from WADLogsTable, storage account = 5351e58bec6d46e3b148ve2d. (query for entries between [01/01/1601 00:00:00] and [04/12/2018 13:54:57] $$<C:\Program Files\Microsoft Configuration Manager\bin\x64\smsexec.exe><04-12-2018 13:59:59.255381-00><thread=33 (2508)>
UpdateTraceSwitchValues - Trace switch values set: TraceLevel =Information $$<ContentService_IN_0 9a7fed20432c44879cd210acc451b21b><04-12-2018 13:28:36.229625-00><thread=2904 (1784)>
Starting...; TraceSource 'CloudDPService' event $$<ContentService_IN_0 9a7fdd20432b44879ed210acc451b21b><04-12-2018 13:28:36.229625-00><thread=2904 (1784)>
Exiting...; TraceSource 'CloudDPService' event $$<ContentService_IN_0 9a7fed20432c44879cd211acc451b21b><04-12-2018 13:49:26.136926-00><thread=2256 (1784)>
PkgXferMgr.log
--------------
Sending thread starting for Job: 2, package: PR300004, Version: 4, Priority: 1, server: ACMCDP01.CLOUDAPP.NET, DPPriority: 200
Sent status to the distribution manager for pkg PR300007, version 4, status 0 and distribution point ["Display=\\ACMCDP01.cloudapp.net\"]MSWNET:["SMS_SITE=PR3"]\\ACMCDP01.cloudapp.net
["Display=\\ACMCDP01.cloudapp.net\"]MSWNET:["SMS_SITE=PR3"]\\ACMCDP01.cloudapp.net\ is a cloud distribution point. Will attempt to upload the package to this Cloud distribution point
Sent status to the distribution manager for pkg PR300003, version 5, status 0 and distribution point ["Display=\\ACMCDP01.cloudapp.net\"]MSWNET:["SMS_SITE=PR3"]\\ACMCDP01.cloudapp.net\

Sample/Default Configuration of Cloud DP Wizard

General
• Subscription ID: dda75f69a-5a3b-4ecd-b385-db1223e9549873
• Management Certificate:\\dc1\Sources\Certs\Azure MGMT Cert\ACNCMGAzureMgmt.pfx
Settings
• Service Name: 5351e58beadhdgd6d46e3b148ee2d
• Description: ACNCDP01
• Primary Site: Primary CB 2 (PR3)
• Region: South Central US
• Resource group:
• Service Certificate:\\dc1\Sources\Certs\ACNCDP01.pfx
• CName:ACMCDP01.cloudapp.net
Alerts
• Storage alert threshold: Enabled
• Storage alert threshold: 2000 GB
• Warning Storage alert level: 50%
• Critical Storage alert level: 90%
• Traffic Out Threshold: Enabled
• Traffic Out Threshold: 10000 GB
• Warning Traffic alert level: 50%
• Critical Traffic alert level: 90%

Azure Blob Storage Cloud DP

Deep Dive into Azure portal and check the blob storage for the content files. The cloud DP package content is stored in the blob storage. You don’t have to change anything in the permission level in the blog storage. But you can delegate Blob storage permissions to SCCM team if needed. But this permission setting is not part of SCCM RBAC. However, the permission delegation can be done via an Azure AD.

I would recommend reading the following document Install cloud-based distribution points in Microsoft Azure for SCCM.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.